8 Replies Latest reply on Jun 27, 2017 8:29 AM by bigtom

    Orange blocked ssl on internal lan

    Fulvio Di Rosa

      Hi all, from external connections with the FileMaker Win & Mac clients, Mobile GO and WebDirect I see my database SSL in green color.

      Only on the internal LAN with host Server.local can I connect from clients, but in orange color; if I try the host with the DNS name mydomain.com (as in external mode) the connection is refused.

      What can I check?

        • 1. Re: Orange blocked ssl on internal lan
          Menno

          You should have your LAN's DNS point from your mydomain.com to the internal fm-server. How to do that depends entirely on your internal hardware configuration.

          • 2. Re: Orange blocked ssl on internal lan
            Fulvio Di Rosa

            I know, but where? I've done a new and clean installation of Win 2012 R2 server, without roles but with the firewall opened on ports 5003, 80, 16000 and 443.

            On the ISP side I created a DNS record of type A to redirect the DNS name to the xxx.xxx.xxx.xxx public IP; finally, on the router, ports 5003, 80, 16000 and 443 are forwarded to the internal 10.0.0.xxxx server machine.

            • 3. Re: Orange blocked ssl on internal lan
              Mike Duncan

              Hi Fulvio,

              This is about network topology. When you connect with SSL enabled, the domain name you use to connect needs to match the domain name on the certificate. When you connect with server.local, it will not match, that is why it shows the error. Note that it will not disable SSL, it just shows the error.

              You either need a local DNS server, so that when you are in your local network, it serves the local IP when you type in the fully qualified domain name, OR you can update the local hosts file on your machine. You can google for how to update your hosts file, depending on your OS. Just know that if you set the hosts file with the local IP, you will need to undo that change if you are outside your local network.

              If you have local users, you may want to set up local DNS. If it is just you, you might just want to ignore it.

              Mike

              1 of 1 people found this helpful
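Added example, not part of the thread and not any poster's code: a small Python diagnostic for the two conditions described in the reply above, namely whether the name a client types is on the certificate and whether that name resolves to the internal server from inside the LAN. The function names, the LAN range 10.0.0.0/24, the sample addresses and the certificate name fmserver.mydomain.com are assumptions for illustration.

```python
import ipaddress
import socket
import ssl

def name_matches(cert, hostname):
    """True if hostname matches a DNS subjectAltName in a certificate dict
    shaped like the output of ssl.SSLSocket.getpeercert()."""
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard stands for exactly one leftmost label.
        if pattern.startswith("*.") and host.split(".", 1)[1:] == [pattern[2:]]:
            return True
    return False

def diagnose(cert, hostname, resolved_ip, lan="10.0.0.0/24"):
    """Predict what a LAN client gets when it connects using hostname."""
    if not name_matches(cert, hostname):
        return "orange"      # encrypted, but the name is not on the certificate
    if resolved_ip is None:
        return "unresolved"  # no DNS answer from inside the LAN
    if ipaddress.ip_address(resolved_ip) in ipaddress.ip_network(lan):
        return "green"       # certificate name resolves to the internal server
    return "public-ip"       # resolves outside the LAN: local DNS or hosts entry needed

def resolve(hostname):
    """IPv4 address this machine's resolver (hosts file included) returns."""
    try:
        return socket.gethostbyname(hostname)
    except OSError:
        return None

def fetch_cert(address, cert_name, port=443):
    """Fetch the certificate served at address. The chain is verified, the
    name is not, so name_matches() can then test any candidate hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=cert_name) as tls:
            return tls.getpeercert()

# Constructed sample: a certificate issued for fmserver.mydomain.com only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "fmserver.mydomain.com"),)}
```

On a real network, `diagnose(fetch_cert("10.0.0.5", name), name, resolve(name))` run from a LAN client applies the same check to the live server, with 10.0.0.5 standing in for the server's internal address.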
              • 4. Re: Orange blocked ssl on internal lan
                bigtom

                As has been mentioned, it is about the network. The good news is that the orange lock you get means the connection is encrypted and secure but the certificate could not verify the domain. Most of my clients understand this and choose to ignore any further action.

                 

                The other easy thing to do is host in the cloud, but not always possible for everyone.

                • 5. Re: Orange blocked ssl on internal lan
                  Menno

                  This should be done in the local dns-server (if you have one). Either your local domain controller has DNS or your router/firewall has a built-in dns-server. Check with your network administrator to solve this, since this depends entirely on your local network setup. None of us here can tell you what to do.

                   

                  My own situation is: I have a zyxel firewall/router and that device is also a dns-server. I have entered a rule that points any call to mydomain.com to my local fmserver. Something like that needs to be done in your network too.

                   

                  You can also choose to ignore the orange-lock as both bigtom and logicurio suggested, since the connection is local and encrypted anyway.

                  • 6. Re: Orange blocked ssl on internal lan
                    bigtom

                    Menno van Beek wrote:

                     

                    My own situation is: I have a zyxel firewall/router and that device is also a dns-server. I have entered a rule that points any call to mydomain.com to my local fmserver.

                    Many people might want to make sure www.mydomain.com makes it out to the internet.

                    • 7. Re: Orange blocked ssl on internal lan
                      Menno

                      bigtom wrote:

                       

                      Many people might want to make sure www.mydomain.com makes it out to the internet.

                      True, the entry in the DNS should have the address fmserver.mydomain.com point to the local server.

                       

                      As I said, we have no information (nor do we need to have that) on what the OP's infrastructure looks like. So in the global explanation about "where to start" I thought such details would be too much information.

                      1 of 1 people found this helpful
                      • 8. Re: Orange blocked ssl on internal lan
                        bigtom

                        Could go wrong either way.